HOWTO: Thwarting SIP Scanners during Set-up

<< < (15/20) > >>

Mango:
If SP2 is configured for Google Voice, the SIP scanners must be arriving via SP1.  You can confirm my guess by checking Call History.

For SP1, is your AuthUserName the same as 1xxxxxxx?  If not, that is why your X_InboundCallRoute failed.  The correct syntax is:

{>('Insert your AuthUserName here'):ph}

If you use port forwarding or DMZ on your router, you should remove it, unless things won't work any other way.  Using port forwarding or DMZ disables your router's firewall and leaves your OBi open to the internet.  If you're not doing this, then you have a "full cone NAT" router which is effectively a port forward.  If possible, configure your router so that its firewall is more secure.

Jax69:
The configuration I now have is preventing the scan to come through. I don't have a DMZ or use port forwarding so just regular NAT is in place. I'll have to relook at the settings on the router. Not sure if I really need the Simon Technologies setting I may delete it unless it really has a purpose. I think GV currently uses a caller id type thing.

I'm not really technical when it comes to PBX config but I can muddle my way through it. Thank you for the feedback.

Update:
I went ahead and updated the SP1 back so it matched the SP2 setting and scanning calls started again so I know it's from the Simon Technologies site or set up that is causing the issue. I'll have to delete that setting in SP1.

Veronica:
Hello 2 days ago i received over 10 calls from "1001" it's been a long time since i didn't receive 1001, 100 or 101 ghosting calls. So i got fed up and starting browsing the web for a solution and i found other forum which suggested to change X_UserAgentPort (i checked but i already had done that for both my SPx services) and this:

{(?|x|xx|xxx|xxxx|xxxxx):},{ph}

My setup is SP1 for FreePhoneLine (canadian #) and SP2 for Google Voice. Confirmed all the ghosting calls came from SP1 looking at Call History.

The method described above worked i guess because i didn't received more calls from "1001" BUT yesterday and today (this last woke me up so i unplugged my OBI 110 power) received calls from "default". So i had no more choice than keep looking for a solution and just found these thread very fast.

I just setup {>('Insert your AuthUserName here'):ph} and will report back if i get those again. I just hope there is no problem for "Unknown" calls.

Mango:
The rule you used previously seems to block anonymous calls, and with a Caller ID of five or less characters numbers.  Since "default" is seven characters not numeric, the call was routed to your phone.  Your new rule should be more reliable as it only accepts calls destined for your AuthUserName.

I also suggest you set X_UserAgentPort to a random number between 20000 and 65535.  Obscurity is part of security.  Out of curiosity, what was your X_UserAgentPort set to, when you received the call from "default"?

Edits for technical accuracy.

Veronica:
ok, i just realised about that, results i got confused. I thought "x" took numbers also too.

Anyways the port i use is 5080, i know that's not too far from 5060.

Navigation

[0] Message Index

[#] Next page

[*] Previous page